NSA hack: SWIFT and EastNets reject security breach claims

Last week it was reported that the US National Security Agency (NSA) has created tools that exploit security weaknesses, enabling it to monitor bank transfers on the SWIFT global banking network. The hacking tools are said to have enabled access to two SWIFT service bureaus, one of which is reported to be Dubai-based EastNets.

The BBC reported that the NSA-created hacking tools had been leaked online by a hacking group called Shadow Brokers. The article said: “Such a hack could have enabled the US to covertly monitor financial transactions”.

EastNets, which has 1,000 customers in 120 countries, including 22 of the top 50 global banks, has completely refuted the claims made by Shadow Brokers. It said there is “no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau”. The EastNets statement went on to say: “The reports of an alleged hacker-compromised EastNets Service Bureau (ENSB) network are totally false and unfounded. The EastNets Network internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities. The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks. The photos shown on Twitter, claiming compromised information, are about pages that are outdated and obsolete, generated on a low-level internal server that has been retired since 2013.”

SWIFT: 'network not compromised'

SWIFT has said that the allegations date back to 2013, that they concern two service bureaus and that the SWIFT global network and messaging services have not been compromised. It said in its statement:

“The allegations suggest there may have been attempts to gain unauthorised access to data at two service bureaux. The exploits do not target SWIFT’s infrastructure or data. There is no impact on SWIFT’s infrastructure or data, and there is no evidence to suggest that there has been any unauthorised access to SWIFT’s network or messaging services. The material that has been published by Shadow Brokers, and which dates back several years, suggests that attempts may have been made by unauthorised third parties to access communications between these service bureaux and their customers. While this information is historic, we are in close contact with the service bureaux to remind them of their responsibility to inform their customers and to perform additional checks against the identified and other known threats, as well as to make sure that any necessary additional preventative measures are put in place.”

The files containing the malware (or 'exploits'/security weaknesses), which are thought to have been created by the NSA and have now been leaked online by the hacking group Shadow Brokers, would have been worth up to $2 million if sold privately, according to one estimate.

SWIFT was breached by a cyber attack in 2016, when criminals stole $81m from the Bangladeshi central bank.

Customers must secure internal software immediately

In its statement, SWIFT advised customers to:

pay close attention to your own security;

take security into consideration when selecting a service bureau and working with other third party providers;

CTMfile take: This is a very worrying story for all corporates that use service bureaus. SWIFT's advice to corporates is to tighten up on internal security and install software security updates and patches immediately. There doesn't seem to be an answer yet on what the NSA was – allegedly – monitoring and why.